Upgrading the minimum TLS version to TLSv1.2
Security has always been a priority for us at CloudMailin. As an email service provider, it's often necessary for us to balance customer requirements and usability, and where possible we always give our users a choice. For a while now we've supported both TLS 1.2 and TLS 1.3 on our platform, but we've also allowed connections from servers using TLS versions lower than this if the customer requests it.
When your application receives an email with CloudMailin, we allow you to see whether the email was transmitted over an encrypted connection or sent unencrypted. But now it's time to talk about protocols. Older versions of TLS (and SSL), such as 1.0 and 1.1, are not as secure as the newer standards. There have been numerous attacks based on these older standards, and ultimately we now believe that continuing to allow customers to send email over these standards is misleading.
Most web browsers have started to disable TLS 1.0 and 1.1 by default. Email can often be a little behind when it comes to the latest in security, and a minority of our customers' clients still send their email over older versions of TLS.
However, we're planning to disable receiving encrypted email over older TLS versions:
On 01/08/2020 we will disable TLS 1.0 and 1.1
Most email systems will fall back to making an unencrypted connection if they cannot establish an encrypted one. We therefore anticipate very little impact from this change unless you currently use the TLS details to block unencrypted email traffic sent to your web application.
However, we strongly advise that your clients upgrade their connections to the latest versions of TLS. If you need any help relating to this, please contact us and we'll be happy to assist.